Announcement

Collapse
No announcement yet.

Firefox 66.0.4 Released To Address The Broken Add-Ons Issue Due To Expired Certificate

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Firefox 66.0.4 Released To Address The Broken Add-Ons Issue Due To Expired Certificate

    Phoronix: Firefox 66.0.4 Released To Address The Broken Add-Ons Issue Due To Expired Certificate

    After a long weekend, Mozilla has released Firefox 66.0.4 to address the glaring omission on Friday that led to most browser add-ons getting disabled due to an expired certificate used for signing these plug-ins...

    http://www.phoronix.com/scan.php?pag...6.0.4-Released

  • #2
    took them long enough

    Comment


    • #3
      Originally posted by some_canuck View Post
      took them long enough
      1. There was a solution released within a few hours of it happening. You just had to enable the studies option so that they could deliver it to you as a non-full release update, then turn studies back off.
      2. It's the weekend. They probably had to call people in who were at home to deal with this, hence the delayed response time in the first place.
      3. A full update build of the browser can't just be pushed. It has to go through chains of testing before being released.

      All in all, it shouldn't have happened, but mistakes are inevitable when humans are in charge of anything. I like that they managed to (technically) fix it within a few hours of it happening.

      Comment


      • #4
        Came to Phoronix. Saw an article about FF certificates and plugins not working. My stuff worked. Read Phoronix comments and saw some fixes. Went on about my day.

        Three hours later my stuff didn't work. Re-read Phoronix comments and applied some fixes. My stuff works again.

        Thanks random Phoronix commenters.

        Comment


        • #5
          Originally posted by skeevy420 View Post
          Came to Phoronix. Saw an article about FF certificates and plugins not working. My stuff worked. Read Phoronix comments and saw some fixes. Went on about my day.

          Three hours later my stuff didn't work. Re-read Phoronix comments and applied some fixes. My stuff works again.

          Thanks random Phoronix commenters.
          Same here, except nothing broke I just read angry comments out of pleasure.

          Comment


          • #6
            Originally posted by Daktyl198 View Post

            1. There was a solution released within a few hours of it happening. You just had to enable the studies option so that they could deliver it to you as a non-full release update, then turn studies back off.
            if you think i'm enabling studies after that mister robot stunt, you must be insane

            weekend or not, they should have known the cert was expiring for weeks
            Last edited by some_canuck; 05-05-2019, 09:07 PM.

            Comment


            • #7
              I'm indifferent, myself. When it happened I just switched to Waterfox and went about my life. Still using it. Not exactly sure if I want to trust Mozilla with anything anymore (especially after the aforementioned Mr. Robot thing)

              Comment


              • #8
                The truly stupid thing is that an expired code signing cert should not invalidate previous signatures. They have implemented this incorrectly in Firefox.

                Comment


                • #9
                  Originally posted by Daktyl198 View Post
                  1. There was a solution released within a few hours of it happening. You just had to enable the studies option so that they could deliver it to you as a non-full release update, then turn studies back off.
                  2. It's the weekend. They probably had to call people in who were at home to deal with this, hence the delayed response time in the first place.
                  3. A full update build of the browser can't just be pushed. It has to go through chains of testing before being released.
                  There is a problem here studies on Debian distributions for example have studies disabled at build time so turning studies on is something that does not work..

                  Of course after you read the studies configuration file you find a xpi you can install then uninstall so fixing the problem without studies enabled.
                  https://normandy.cdn.mozilla.net/api/v1/recipe/
                  Yes having to search here for hotfix because Mozilla developers decided not in the bug to include the xpi option was being a pain.

                  This in fact shows a fairly bad security issue lack of a proper key management interface.

                  Yes it was also interesting that the distribution installed stuff was not effected by the signing key issue.

                  Comment


                  • #10
                    Originally posted by Daktyl198 View Post
                    1. There was a solution released within a few hours of it happening. You just had to enable the studies option so that they could deliver it to you as a non-full release update, then turn studies back off.
                    You also have to tell that the studies you mention took usually ~6 hours to get installed.

                    Comment

                    Working...
                    X